Statement

Device locks are implemented to prevent logical access to organizational systems when users stop work and move away from the immediate vicinity of those systems but do not want to log out because of the temporary nature of their absences. 

Applicability

This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.

Implementation

• University systems shall be configured to intiate a session or device lock after a period of inactivity, defined by the risk associated with the systems use. Users are encouraged to initiate locks whenever leaving their workstation for any length of time.
• Session or device locks shall be configured to conceal information visable on the display.
• Session or device locks shall remain in place until the users completes an authentication process to verify access.